Paste P59008

T354136 - bearer sast results

Authored by mmartorana on Mar 28 2024, 9:02 PM.
HIGH: Unsanitized user input in dynamic HTML insertion (XSS) [CWE-79]
https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html
To ignore this finding, run: bearer ignore add 4516826828818974ab64ac0cad8ecca7_0
File: ts/adaptors/HTMLAdaptor.ts:216
216 this.document.createElement(kind));
HIGH: Unsanitized user input in dynamic HTML insertion (XSS) [CWE-79]
https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html
To ignore this finding, run: bearer ignore add 141ba318c9c2bef2476b1d7c69dd2c27_0
File: ts/core/MmlTree/MathMLVisitor.ts:93
93 let mml = this.document.createElement(node.kind);
HIGH: Unsanitized user input in dynamic HTML insertion (XSS) [CWE-79]
https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html
To ignore this finding, run: bearer ignore add 7eb4d800f73ff8c8fbecc2d28af46d6e_0
File: ts/input/asciimath/mathjax2/legacy/MathJax.js:1009
1009 var obj = document.createElement(type), id;
HIGH: Unsanitized user input in dynamic HTML insertion (XSS) [CWE-79]
https://docs.bearer.com/reference/rules/javascript_lang_dangerous_insert_html
To ignore this finding, run: bearer ignore add 841cf9e28817af5f1520b95ed874f5d5_0
File: ts/input/asciimath/mathjax2/legacy/jax/element/mml/jax.js:1441
1441 nNode = document.createElement(node.nodeName);
MEDIUM: Observable Timing Discrepancy [CWE-208]
https://docs.bearer.com/reference/rules/javascript_lang_observable_timing
To ignore this finding, run: bearer ignore add 52438ede5a339230883ac07ab6caf16f_0
File: ts/input/asciimath/mathjax2/legacy/MathJax.js:1018
1018 if (id === "role" || id.substr(0,5) === "aria-") obj.setAttribute(id,def[id]);
MEDIUM: Observable Timing Discrepancy [CWE-208]
https://docs.bearer.com/reference/rules/javascript_lang_observable_timing
To ignore this finding, run: bearer ignore add 52438ede5a339230883ac07ab6caf16f_1
File: ts/input/asciimath/mathjax2/legacy/MathJax.js:1911
1911 if (typeof(jax[id]) === 'undefined' && id !== 'newID') {delete this[id]}
MEDIUM: Observable Timing Discrepancy [CWE-208]
https://docs.bearer.com/reference/rules/javascript_lang_observable_timing
To ignore this finding, run: bearer ignore add 52438ede5a339230883ac07ab6caf16f_2
File: ts/input/asciimath/mathjax2/legacy/MathJax.js:1915
1915 if (typeof(this[id]) === 'undefined' || (this[id] !== jax[id] && id !== 'inputID'))
LOW: Usage of manual HTML sanitization (XSS) [CWE-79]
https://docs.bearer.com/reference/rules/javascript_lang_manual_html_sanitization
To ignore this finding, run: bearer ignore add 526ec601f0cfb81061c11efb3ef3ab76_0
File: ts/adaptors/lite/Parser.ts:392
392 return text.replace(/"/g, '&quot;');
LOW: Usage of manual HTML sanitization (XSS) [CWE-79]
https://docs.bearer.com/reference/rules/javascript_lang_manual_html_sanitization
To ignore this finding, run: bearer ignore add 526ec601f0cfb81061c11efb3ef3ab76_1
File: ts/adaptors/lite/Parser.ts:400
400 return text.replace(/&/g, '&amp;')
401 .replace(/</g, '&lt;')
402 .replace(/>/g, '&gt;');
LOW: Usage of manual HTML sanitization (XSS) [CWE-79]
https://docs.bearer.com/reference/rules/javascript_lang_manual_html_sanitization
To ignore this finding, run: bearer ignore add d1996970c03ed9e5af57d8644b163cf5_0
File: ts/core/MmlTree/SerializedMmlVisitor.ts:240
240 return value
241 .replace(/&/g, '&amp;')
242 .replace(/</g, '&lt;').replace(/>/g, '&gt;')
243 .replace(/\"/g, '&quot;')
WARNING: Improper neutralization of regular expressions [CWE-1333]
https://docs.bearer.com/reference/rules/javascript_lang_dynamic_regex
To ignore this finding, run: bearer ignore add ae9c37fd907d2df96d0402dbfd861236_0
File: components/bin/pack:37
37 return new RegExp(name.replace(/([\\.{}[\]()?*^$])/g, '\\$1'), 'g');
WARNING: Improper neutralization of regular expressions [CWE-1333]
https://docs.bearer.com/reference/rules/javascript_lang_dynamic_regex
To ignore this finding, run: bearer ignore add 5fd857774851d04783617601ef88f6e7_0
File: components/webpack.common.js:69
69 const mjRE = new RegExp('^(?:' + quoteRE(jsdir) + '|' + quoteRE(mjdir) + ')' + quoteRE(path.sep));
WARNING: Improper neutralization of regular expressions [CWE-1333]
https://docs.bearer.com/reference/rules/javascript_lang_dynamic_regex
To ignore this finding, run: bearer ignore add 5fd857774851d04783617601ef88f6e7_1
File: components/webpack.common.js:135
135 test: new RegExp(dirRE + quoteRE(path.sep) + '.*\\.js$'),
WARNING: Improper neutralization of regular expressions [CWE-1333]
https://docs.bearer.com/reference/rules/javascript_lang_dynamic_regex
To ignore this finding, run: bearer ignore add a817778bde2d1cc5a4c713eed4591241_0
File: ts/handlers/html/HTMLDomStrings.ts:151
151 this.processHtmlClass = new RegExp('(?:^| )(?:' + process + ')(?: |$)');
WARNING: Improper neutralization of regular expressions [CWE-1333]
https://docs.bearer.com/reference/rules/javascript_lang_dynamic_regex
To ignore this finding, run: bearer ignore add c4cc3a79efa470a2c4fb798f01c96853_0
File: ts/input/tex/FindTeX.ts:158
158 return new RegExp((endp || quotePattern(end)) + '|\\\\(?:[a-zA-Z]|.)|[{}]', 'g');
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 249d198b25c094bf66273d5a814a10af_0
File: components/bin/copy:60
60 console.info(space + name + '/');
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 249d198b25c094bf66273d5a814a10af_1
File: components/bin/copy:65
65 console.info(space + name);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 2abd9d6939bf082a1840ee6a616e8651_0
File: components/bin/makeAll:115
115 console.info('Building ' + dir.replace(compRE, '').replace(dirRE, '.'));
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 2abd9d6939bf082a1840ee6a616e8651_1
File: components/bin/makeAll:120
120 console.info(' ' + String(result).replace(/\n/g, '\n '));
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 2abd9d6939bf082a1840ee6a616e8651_2
File: components/bin/makeAll:122
122 console.info(' ' + err.message);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 2abd9d6939bf082a1840ee6a616e8651_3
File: components/bin/makeAll:135
135 console.info('Webpacking ' + dir.replace(compRE, '').replace(dirRE, '.'));
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 2abd9d6939bf082a1840ee6a616e8651_4
File: components/bin/makeAll:140
140 console.info(' ' + String(result).replace(/\n/g, '\n '));
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 2abd9d6939bf082a1840ee6a616e8651_5
File: components/bin/makeAll:142
142 console.info(' ' + err.message);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 2abd9d6939bf082a1840ee6a616e8651_6
File: components/bin/makeAll:155
155 console.info('Copying ' + dir.replace(compRE, ''));
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 2abd9d6939bf082a1840ee6a616e8651_7
File: components/bin/makeAll:159
159 console.info(' ' + String(result).replace(/\n/g, '\n '));
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 2abd9d6939bf082a1840ee6a616e8651_8
File: components/bin/makeAll:161
161 console.info(' ' + err.message);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 0d76c45b4fe620d4ba46fe566f7cb8db_0
File: components/bin/pack:95
95 console.log(asset.name + fileSize(asset));
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 0d76c45b4fe620d4ba46fe566f7cb8db_1
File: components/bin/pack:121
121 console.log(
122 list
123 .filter(a => a.slice(2, 4) === './').sort()
124 .concat(list.filter(a => a.slice(2, 4) !== './').sort())
125 .join('\n')
126 );
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 0d76c45b4fe620d4ba46fe566f7cb8db_2
File: components/bin/pack:128
128 console.error(err);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add d1a276d6f46318dc0e2e6cf0a8233c31_0
File: ts/a11y/explorer.ts:619
619 console.log(e);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 5d0b16a7c13751cf50182ac499af030b_0
File: ts/a11y/explorer/KeyExplorer.ts:236
236 .catch((error: Error) => console.log(error.message));
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 1c633a5b0fa9f433fc14cb4cb2b3e13c_0
File: ts/a11y/semantic-enrich.ts:323
323 console.warn('Enrichment error:', err);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 1507c6f0ec85122e1598c733ce7bc7b2_0
File: ts/adaptors/HTMLAdaptor.ts:524
524 console.warn(`MathJax: can't insert css rule '${rule}': ${e.message}`);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add de768278f02155eab0eacd3dccf86a17_0
File: ts/components/loader.ts:181
181 console.warn(`No version information available for component ${name}`);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add de768278f02155eab0eacd3dccf86a17_1
File: ts/components/loader.ts:241
241 console.warn(`Component ${name} uses ${version} of MathJax; version in use is ${VERSION}`);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add de768278f02155eab0eacd3dccf86a17_2
File: ts/components/loader.ts:281
281 failed: (error: PackageError) => console.log(`MathJax(${error.package || '?'}): ${error.message}`),
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 0ddfe7edef76a4e10f47aaa964112a19_0
File: ts/input/asciimath/mathjax2/legacy/MathJax.js:1548
1548 console.log("Message: "+text);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 52ce53958bb214ab76e08b0a7afcdac5_0
File: ts/input/tex/MapHandler.ts:183
183 console.log('TexParser Warning: ' + message);
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 65346cd64a2621239ee775c07881c74d_0
File: ts/ui/menu/MenuHandler.ts:177
177 console.warn('Enrichment Error:', err),
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add 65346cd64a2621239ee775c07881c74d_1
File: ts/ui/menu/MenuHandler.ts:234
234 mathjax.retryAfter(this.menu.loadingPromise.catch((err) => console.log(err)));
WARNING: Leakage of information in logger message [CWE-532]
https://docs.bearer.com/reference/rules/javascript_lang_logger_leak
To ignore this finding, run: bearer ignore add a488c7326346064255ff218859811311_0
File: ts/util/Options.ts:87
87 console.warn('MathJax: ' + message);
WARNING: Unsanitized non-literal filename detected [CWE-73]
https://docs.bearer.com/reference/rules/javascript_lang_non_literal_fs_filename
To ignore this finding, run: bearer ignore add eeef4f974b1d8272435354dc4ad30dd5_0
File: components/bin/copy:45
45 const nodeDir = (dir => (fs.existsSync(dir) ? dir : path.resolve(parent, '..')))(path.join(parent, 'node_modules'));
WARNING: Unsanitized non-literal filename detected [CWE-73]
https://docs.bearer.com/reference/rules/javascript_lang_non_literal_fs_filename
To ignore this finding, run: bearer ignore add eeef4f974b1d8272435354dc4ad30dd5_1
File: components/bin/copy:56
56 !fs.existsSync(to) && fs.mkdirSync(to, {recursive: true});
WARNING: Unsanitized non-literal filename detected [CWE-73]
https://docs.bearer.com/reference/rules/javascript_lang_non_literal_fs_filename
To ignore this finding, run: bearer ignore add eeef4f974b1d8272435354dc4ad30dd5_2
File: components/bin/copy:59
59 if (fs.lstatSync(copy).isDirectory()) {
WARNING: Unsanitized non-literal filename detected [CWE-73]
https://docs.bearer.com/reference/rules/javascript_lang_non_literal_fs_filename
To ignore this finding, run: bearer ignore add eeef4f974b1d8272435354dc4ad30dd5_3
File: components/bin/copy:61
61 for (const file of fs.readdirSync(copy)) {
WARNING: Unsanitized non-literal filename detected [CWE-73]
https://docs.bearer.com/reference/rules/javascript_lang_non_literal_fs_filename
To ignore this finding, run: bearer ignore add eeef4f974b1d8272435354dc4ad30dd5_4
File: components/bin/copy:66
66 fs.copyFileSync(copy, dest);
WARNING: Unsanitized non-literal filename detected [CWE-73]
https://docs.bearer.com/reference/rules/javascript_lang_non_literal_fs_filename
To ignore this finding, run: bearer ignore add 0a54f86a6dbb6d19adf06edc22b36956_0
File: components/bin/makeAll:99
99 for (const name of fs.readdirSync(dir)) {
WARNING: Unsanitized non-literal filename detected [CWE-73]
https://docs.bearer.com/reference/rules/javascript_lang_non_literal_fs_filename
To ignore this finding, run: bearer ignore add 0a54f86a6dbb6d19adf06edc22b36956_1
File: components/bin/makeAll:101
101 if (fs.lstatSync(file).isDirectory()) {
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add 8d4149438f7e5684273f85dcb580c7b7_0
File: components/bin/copy:57
57 const copy = path.resolve(from, name);
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add 8d4149438f7e5684273f85dcb580c7b7_1
File: components/bin/copy:58
58 const dest = path.resolve(to, name);
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add adebdcd1bbaa3b45ae70bc5ac80bfcf9_0
File: components/bin/makeAll:100
100 const file = path.join(dir, name);
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add adebdcd1bbaa3b45ae70bc5ac80bfcf9_1
File: components/bin/makeAll:113
113 const file = path.join(dir, 'build.json');
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add adebdcd1bbaa3b45ae70bc5ac80bfcf9_2
File: components/bin/makeAll:133
133 const file = path.join(dir, 'webpack.config.js');
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add adebdcd1bbaa3b45ae70bc5ac80bfcf9_3
File: components/bin/makeAll:153
153 const file = path.join(dir, 'copy.json');
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add c8475d8c2c01dd49208f596a9f8152f9_0
File: components/bin/pack:81
81 const dirRE = fileRegExp(path.resolve(dir));
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add c8475d8c2c01dd49208f596a9f8152f9_1
File: components/bin/pack:86
86 const jsdir = require(path.resolve(dir, 'webpack.config.js')).plugins[0].definitions.__JSDIR__;
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add c8475d8c2c01dd49208f596a9f8152f9_2
File: components/bin/pack:88
88 const libRE = fileRegExp(path.resolve(jsdir, '..', 'components'));
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add c8475d8c2c01dd49208f596a9f8152f9_3
File: components/bin/pack:102
102 module.name = path.resolve(dir, module.name)
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add a92dc75c57fb0b117e5f11f7fd8aac5b_0
File: components/src/node-main/node-main.js:58
58 return REQUIRE(name.charAt(0) === '.' ? path.resolve(ROOT, name) : name);
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add 859c415cb0c08ef9b5eadd09b8bd4543_0
File: components/webpack.common.js:48
48 const jsdir = path.resolve(dir, js);
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add 859c415cb0c08ef9b5eadd09b8bd4543_1
File: components/webpack.common.js:68
68 const jsdir = path.resolve(dir, js);
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add 859c415cb0c08ef9b5eadd09b8bd4543_2
File: components/webpack.common.js:75
75 libs = libs.map(lib => path.join(lib.charAt(0) === '.' ? dir : root, lib) + path.sep);
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add 859c415cb0c08ef9b5eadd09b8bd4543_3
File: components/webpack.common.js:86
86 resource.request.charAt(0) === '.' ? path.resolve(resource.path, resource.request) : resource.request :
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add 859c415cb0c08ef9b5eadd09b8bd4543_4
File: components/webpack.common.js:158
158 const distDir = dist ? path.resolve(dir, dist) :
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add 859c415cb0c08ef9b5eadd09b8bd4543_5
File: components/webpack.common.js:159
159 path.resolve(path.dirname(js), 'es5', path.dirname(name));
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add 859c415cb0c08ef9b5eadd09b8bd4543_6
File: components/webpack.common.js:163
163 entry: path.join(dir, name + '.js'),
WARNING: Unsanitized dynamic input in file path [CWE-22]
https://docs.bearer.com/reference/rules/javascript_lang_path_traversal
To ignore this finding, run: bearer ignore add a7b52728805558486d3c7fb9cbc50545_0
File: ts/util/asyncLoad/node.ts:34
34 return require(name.charAt(0) === '.' ? path.resolve(root, name) : name);
=====================================